A number of players in the knowledge processing outsourcing space in India do not allow their analysts access to local hard drives, disable the use of pen drives and prevent access to Internet mail. MR R. BENTON ARMSTRONG, GLOBAL LEADER, FORENSIC TECHNOLOGY SERVICES, PRICEWATERHOUSECOOPERS.

The corporate world is facing a growing incidence of fraud, where the source is internal or external, apart from encountering issues around recent phenomena like phishing and skimming and whistle-blowing on suspicion of fraud.

Speaking to Business Line on the PwC division's operations in India and the challenges arising out of corporate fraud, he said that forensic technology services (FTS) are also relevant to American multinationals operating in India, as they need to comply with the Foreign Corrupt Practices Act (FCPA) and anti-money laundering (AML) standards. "Besides, AML could also be enacted as a requirement for Indian banks."

On the kinds of fraud PwC has grappled with in India, he said that there are particular patterns of fraud that happen, but these do not necessarily follow an industry pattern.

"For instance, the US-based Association of Certified Fraud Examiners has established a fraud taxonomy. This typically includes asset misappropriation, credit card fraud, etc."

Citing the example of the telecom industry, he said that certain frauds happen at the subscriber level, where subscribers and a cartel of dealers form a pseudo-churn situation, "where the same customer reappears under different names. As a result, the provider pays the cartel money for introducing new customers, when it is actually the same customer. But this is now taken care of by most telecom fraud management systems."

According to Mr Armstrong, the PwC global forensic technology practice works with forensic accountants, finance professionals and corporate and outside counsel to help clients "proactively detect" potentially fraudulent activity within the organisation and respond to "unplanned events such as corporate investigations and other crisis situations."

The practice brings together data analysis techniques with proprietary software and hardware to identify, seize, secure and analyse evidence located on computer systems or other storage media.

"Sources of information often include e-mail, accounting data and other financial information. Our team provides support to various groups such as dispute analysis and investigations and internal audit services."

The domains requiring PwC expertise could range from bribery and corruption claims, suspicion of accounting manipulation and inappropriate/inadequate disclosure, to dealing with major insurance claims, ensuring royalty income is correct and auditing licensing contracts.

The division also works in the areas of independent evaluation of loss and damage arising from a breach of contract, litigation and international arbitration, compliance with financial crime regulations and checking for effectiveness of anti-fraud programmes.

"Often, companies seek counsel from FTS to understand what policies and procedures can be put in place in order to stop the occurrence of fraud. Our findings are used to deliver better compliance structures."

Besides, many companies have weak data retention policies and tend to store "either too much information, or in the cases of some regulated industries, too little."

Also, he added, most companies do not actively enforce their policies. "We work with clients to assess their existing IT environment and help develop reasonable and enforceable policies."

Mr Armstrong is confident that the use of technology and FTS will only increase in the years to come, since increasingly complex fraudulent practices need technology to determine preventive as well as detection mechanisms.

"In industries such as telecom and banking, complex data analysis tools and methodologies are required to sift through large volumes of data in order to detect patterns. Besides, detection and prevention will become more and more real-time."

According to him, it is difficult to estimate the magnitude of occurrence in any country, as it is an unplanned event.

However, a PwC global survey on crime reported that 40 per cent of respondents reported significant damage to their brand or reputation, a decline in staff morale or impaired business relations.

Regardless of size and frequency of occurrence in the industry or country, it is in a company's best interest to act proactively so as to pre-empt fraudulent behaviour.

In this context, companies are investing in various platforms that help them strengthen their security and controls and make perpetration of fraud a lot more difficult, said Mr Armstrong.

"For example, a number of players in the knowledge processing outsourcing space in India do not allow their analysts access to local hard drives, disable the use of pen drives and prevent access to Internet mail. All these measures make it difficult for anyone to ship data out of the centre, which can be used for fraudulent purposes."

He added that in general, companies often lack the resources to effectively mine their own data.

"As yet, there are no effective tools that can effectively be `bolted on' to a company's ERP system to perform that analysis for them."

In conclusion, he said that companies must invest in the time to extract that information from their systems, review evidence from past behaviour to identify indicators of fraudulent activity and continuously audit their own data and identify non-compliant behaviour.